I've got some machines which automatically update DNS in Route53. So far there are only two zones in Route53, and both of them are updated this way, so I have an IAM policy which says "blah blah blah, Resource: "*"" and everything is good. Now I want to add a third zone, and not let those machines mess it up - so I need to change the Resource: to something specific.

Amazon tells me this value that the resource specification should follow the following format: arn:aws:route53:::<resource>/<id>. Multiple values are comma limited.

What I don't know is how to determine the values of <resource> and <id>. Where do I find those? I can see a "hosted zone ID" in the Route53 web GUI and assume it's related, but don't know exactly how.

This is addressed in Controlling User Access with IAM, specifically in Route 53 ARNs:

The requested ID is listed in column Hosted Zone ID in the top level Hosted Zones summary of the Route 53 section within the AWS Management Console. Alternatively, you can list your hosted zones via an API call as usual (specifically GET ListHostedZones), and the response contains a respective Id element for each HostedZone element in turn.
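
An added example, not part of the original answer: it turns the Id elements of a ListHostedZones response into hostedzone ARNs and builds a policy scoped to two of three zones. The zone names, zone IDs and sample response are constructed, and the two actions shown are an assumption about what the updating machines need.

```python
import json
import xml.etree.ElementTree as ET

NS = {"r": "https://route53.amazonaws.com/doc/2013-04-01/"}

# Constructed ListHostedZones response body; zone IDs and names are made up.
SAMPLE = """<ListHostedZonesResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/">
 <HostedZones>
  <HostedZone><Id>/hostedzone/ZEXAMPLEAAA111</Id><Name>dyn-one.example.</Name></HostedZone>
  <HostedZone><Id>/hostedzone/ZEXAMPLEBBB222</Id><Name>dyn-two.example.</Name></HostedZone>
  <HostedZone><Id>/hostedzone/ZEXAMPLECCC333</Id><Name>protected.example.</Name></HostedZone>
 </HostedZones>
</ListHostedZonesResponse>"""


def zone_arns(xml_text, allowed_names):
    """Map each allowed zone name to its ARN, using the Id elements in the response."""
    wanted = {n.rstrip(".").lower() for n in allowed_names}
    arns = {}
    for zone in ET.fromstring(xml_text).iterfind(".//r:HostedZone", NS):
        name = zone.findtext("r:Name", namespaces=NS).rstrip(".").lower()
        if name in wanted:
            # Id comes back as "/hostedzone/<id>"; the ARN wants "hostedzone/<id>".
            zone_id = zone.findtext("r:Id", namespaces=NS).lstrip("/")
            arns[name] = "arn:aws:route53:::" + zone_id
    missing = wanted - set(arns)
    if missing:  # fail closed rather than emit a policy that silently omits a zone
        raise ValueError(f"zones not found: {sorted(missing)}")
    return arns


def build_policy(arns):
    """Policy allowing record changes only in the listed hosted zones."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["route53:ChangeResourceRecordSets",
                       "route53:ListResourceRecordSets"],
            "Resource": sorted(arns.values()),
        }],
    }


if __name__ == "__main__":
    policy = build_policy(zone_arns(SAMPLE, ["dyn-one.example", "dyn-two.example"]))
    print(json.dumps(policy, indent=2))
```

In the policy document, several ARNs go into Resource as a JSON array, as produced here; the third zone is protected simply by not appearing in that array.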